mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mediators-2024
infrastructure/roles/dovecot/tasks/main.yml
Robin Candau 701c1d01ef Migrate 'with_X' to 'loop'
2024-12-23 17:43:01 +00:00

82 lines
2.3 KiB
YAML
Raw Permalink Blame History

- name: Install dovecot
pacman: name=dovecot,pigeonhole state=present
# FIXME: check directory permissions
- name: Create dovecot configuration directory
file: path=/etc/dovecot state=directory owner=root group=root mode=0755
- name: Create dhparam
command: openssl dhparam -out /etc/dovecot/dh.pem 4096 creates=/etc/dovecot/dh.pem
- name: Install dovecot.conf
template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=0644
notify:
- Reload dovecot
- name: Install shared-mailboxes{,-acl}
copy: src={{ item }} dest=/etc/dovecot/ owner=root group=root mode=0644
loop:
- shared-mailboxes
- shared-mailboxes-acl
notify:
- Reload dovecot
- name: Add vmail group
group: name=vmail gid=5000
- name: Add vmail user
user: name=vmail uid=5000 shell=/usr/bin/nologin group=vmail
- name: Create dovecot sieve dir
file: path=/etc/dovecot/sieve state=directory owner=root group=root mode=0755
- name: Install spam-to-folder.sieve
copy: src=spam-to-folder.sieve dest=/etc/dovecot/sieve/ mode=0644 owner=root group=root
notify:
- Run sievec
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ mail_domain }}"]
- name: Install dovecot cert renewal hook
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/dovecot owner=root group=root mode=0755
- name: Start and enable dovecot
service: name=dovecot enabled=yes state=started
# faillock's default behavior allows third-parties to lock a user out of
# their mailbox by doing 3 failed auth attempts; turn it off and rely on
# fail2ban instead
- name: Disable pam_faillock lockout mechanism
lineinfile:
path: /etc/security/faillock.conf
regexp: deny =
line: deny = 0
- name: Open firewall holes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
loop:
- imaps
- managesieve
when: configure_firewall
tags:
- firewall
- name: Install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
loop:
- dovecot-cleanup.timer
- dovecot-cleanup.service
- name: Activate systemd timers
systemd_service:
name: "{{ item }}"
state: started
enabled: true
daemon_reload: true
loop:
- dovecot-cleanup.timer
View Git Blame Copy Permalink